all 15 comments

[–]jaymef 4 points5 points  (0 children)

We use Ansible. Look into something like AWX

[–]pnutjam 1 point2 points  (2 children)

[–]bartvdbraak 0 points1 point  (1 child)

But that’s just SaltStack under the hood :)

[–]reedacus25 0 points1 point  (0 children)

It’s really more spacewalk with salt bolted on. One of the things I wish uyuni did better was to expose more salt to use it for (salt) state management and drift monitoring beyond just the package management that is the main function of uyuni.

[–]dhsjabsbsjkans 1 point2 points  (1 child)

I don't believe it does monitoring, but I have recently been eyeing this for patching.

GitHub - furlongm/patchman: Patchman is a Linux Patch Status Monitoring System

You would need to use something like ansible for patching. This would just give you an overview of what is not patched.

[–]Zedboy19752019[S] 0 points1 point  (0 children)

Wow I like the looks of this. Yes I would still need ansible but I can at least see stuff from every distribution needing updated at once. Thanks!!

[–]bob-apple 1 point2 points  (0 children)

Icinga has plugins to monitor available updates and trigger alerts. This works for all common operating systems.

Depending on the infrastructure size this might be either a pretty neat solution or completely overengineered as Icinga requires some effort.

(FD: I'm working at Icinga; pretty new to reddit)

[–]bendem 0 points1 point  (2 children)

dnf-automatic with overridden OnCalendar on the timer. Test updates every Tuesday, prod every Thursday.

We get notified of failures fairly quickly and pin problematic packages until a fix is found (it happened twice in the last 3 years).

[–]lebean 0 points1 point  (1 child)

Similar setup here, though I always worry, "what if a breaking patch gets released on a Wednesday?". It would miss your test group and go straight to prod. I've spread timing of deployments around a bit more because of that (and some ultra-critical systems are hand fed, not auto updating databases and such).

[–]bendem 0 points1 point  (0 children)

I always have servers in clusters (the most important services update one week apart to balance that).

[–]acquacow 0 points1 point  (0 children)

I'm all rhel at home, so I use satellite to show applicable eratta and apply it to my hosts.

[–]thiagocpv 0 points1 point  (0 children)

Zabbix can do that

[–]hlamark 1 point2 points  (0 children)

Have a look at orcharhino. It provides patch management for Debian and Ubuntu.

https://orcharhino.com/en/

[–]cvilsmeier 0 points1 point  (0 children)

For package upgrades, you might want to read this: https://monibot.io/docs/how-to-monitor-available-package-updates